Package name
dhcp
Date
2012-10-02
Advisory ID
MDVSA-2012:153-1
Affected versions
2011 i586 , 2011 x86_64

Problem description

A security issue was identified and fixed in dhcp:

ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows
remote attackers to cause a denial of service (daemon crash)
in opportunistic circumstances by establishing an IPv6 lease in
an environment where the lease expiration time is later reduced
(CVE-2012-3955).

The updated packages have been patched to correct this issue.

Update:

Packages for Mandriva Linux 2011 is being provided.

The updated packages have been upgraded to dhcp 4.2.4-P2 which is
not vulnerable to this issue.

Updated packages

2011 i586

 2fcc769d84e43b66cb386786b8c3fee0  2011/i586/dhcp-client-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 66a3bcce42ae48736cb8253212c7eb96  2011/i586/dhcp-common-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 30027b4ef67fa659ac4ff1e7dcfc5479  2011/i586/dhcp-devel-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 e7bef4689915a0fd123bbe6cedc4c289  2011/i586/dhcp-doc-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 a452f75cd1b1aa88095fca4f0b437b94  2011/i586/dhcp-relay-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 7b8c69543e9d3e8c756d791b054d11e0  2011/i586/dhcp-server-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm 
 f5fc431c0e8c1995191ef11ecc0aaa15  2011/SRPMS/dhcp-4.2.4-0.P2.0.1.src.rpm

2011 x86_64

 a95f54f1f4d965fcf21497f072d664d0  2011/x86_64/dhcp-client-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 7085ed104ef6341d4f975a31c333203f  2011/x86_64/dhcp-common-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 b2dbbeff1e2cff794afe95ca06f6d41d  2011/x86_64/dhcp-devel-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 f50177991a1326b1cc3bc3dc610e5ac6  2011/x86_64/dhcp-doc-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 f1b695af971ce898fa7079bad8a965f3  2011/x86_64/dhcp-relay-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 0e7809a34e959074d3d2721315c1d3c0  2011/x86_64/dhcp-server-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm 
 f5fc431c0e8c1995191ef11ecc0aaa15  2011/SRPMS/dhcp-4.2.4-0.P2.0.1.src.rpm

References